Small Automotive Company

Ransomware Prompted Search For Effective SIEM

The IT manager for a small automotive company leads the overall direction of IT for the company, managing many different divisions, including security. His team is composed of a systems administrator and help desk support analyst.

Another similar company had been hit by a ransomware breach that prompted them to take extra security measures. That company was down for several weeks after it had been compromised by attackers; they did not have a logging system in place and attackers had cleared their backups.

According to their IT manager, the small auto company’s current open-source security information and event management (SIEM) system that they had in place was not set up correctly or generating any information. They lacked the security knowledge needed to get meaningful use out of it as their IT manager’s background was more centered around infrastructure/IT, rather than security.

Blumira’s Greater Value vs. Arctic Wolf

Their IT manager attended a local information security and hacking conference. At the time of the conference, their IT manager was collecting information and reaching out to different SIEM vendors, including Blumira and Arctic Wolf.

“Being a small company, we were looking at what we get for the value – Blumira was coming in at less than half the price of what Arctic Wolf wanted. I couldn’t justify where that extra value was coming from, with Arctic Wolf,” their IT manager said.

Their IT manager needed to make the business case to the owners of the company to get sign off on the spend for a new SIEM solution. The company underwent security assessments to determine where their weak points were within the company, and logging was one of them.

When talking to Arctic Wolf, the sales team pitched them the offer to do all of their remediation for them.

“Well, you [Arctic Wolf] don’t know my environment – so I’m not ok with that. What I want is a solution that generates alerts for me, with a company that would be able to help me if I need to investigate further. That’s where Blumira came in,” their IT manager said.

Pricing was another major consideration when comparing the two solutions for the small company as they considered how to get the best return out of their security investments.

“The price was also a huge factor. To me, it was a great starting point; that’s how I sold it to the owners – here’s what we could get. Arctic Wolf is one of the leading providers in the market, but it cost $20,000 more. I’d rather put Blumira in place, knowing that it’s going to cover all of our needs, and then use that extra money to address our other security concerns,” their IT manager said.

Blumira’s pricing model and contract terms were more ideal and better suited to their company as well.

“Arctic Wolf wanted a three-year contract, everything up front,” their IT manager said. “Blumira is a year-long contract, but I pay monthly. That was the biggest thing – I got the value, and we weren’t stuck in a long-term contract using a product we weren’t sure if it was going to work out or not. Paying monthly means I can expense it out accordingly.”

Another major selling point was Blumira’s ability to offer and help set up a free trial for 30 days for the small auto company.

“Ease of setup was amazing – we called Dave, set an appointment for the following afternoon, and within an hour, our entire environment was up and running,” their IT manager said. “Deployment was pretty simple; it was a matter of setting up a Linux server, installing a script, then deploying across the network with PowerShell.”

While they are operating on primarily Windows and Linux machines and servers, they also have integrations set up with Duo Security, Sophos, firewalls, Palo Alto Cortex and Microsoft 365, and more.

Significantly Improved Pentest With Blumira in Place

“During our first pentest last year, they were able to drop a couple beacons on servers, drop password hashes; stuff we didn’t know what they were doing,” their IT manager said. “Blumira has matured since to alert us on that stuff. Using what they found, we worked with the pentest company to address as many issues as possible.”

The company never had a pentest prior to last year, but with Blumira, they saw a vast improvement this year.

“The results from this year’s pentest show that pretty much everything they tried, we got alerts within a few minutes [from Blumira],” their IT manager said. “Even the tester was very surprised about all the alerts we were getting. I’ve been nothing but impressed with how much Blumira evolved over the past couple of years we’ve been with you.”

According to their IT manager, the pentester told him – while it was super frustrating for him, it was also the most fun he’d had in forever, as he attempted to move around in their environment.

“The pentest started at 8:15am on a Monday morning, and within minutes, we were already getting P3 (Priority 3) internal reconnaissance alerts from Blumira,” their IT manager said. “We kept getting additional alerts on null sessions, password spraying, recon via net commands, registry dump, and more.”

Over time, their IT manager has seen additional value-add over the past years working with Blumira’s platform.

“Everytime I turn around, there’s more functionality within the application; more alerts are getting added – you can see that in the newsletter that comes out. I often go back into Blumira and make sure that’s all turned on for us,” their IT manager said.